modify tcpip stack
 

Hi guys,

I am an electrical student with not much knowldege about software world.
I hope I will get answers to my basic questions from here.
I have to do a project work to compare the time spend at TCP, IP, and ethernet layers in sending and receiving traffic (ethernet over tcp/ip). I understand that I can modify the OS to get the needed results. But I dont know where to start from. I have to work on RH linux. How are the protocols imlemented in RH linux? Is the source included in the OS? which are the files to start from? If I modify them, does it mean that I have to reinstall the kernel or can i just recompile and 'install the protocols ' (whatever that means) ? Or should I do raw socket programming instead? Which is a better idea?

cheers
bf2

1 : I don't know how much of your results you can get out of it - I thought that some of the ethernet stuff was handed by the network card onboard, rather than the OS on top (I don't have any information to prove or disprove that, it's just a guess), but if I am wrong about that, then yes you can get all the information out. Yes, you can modify the source.

2 : Well, the only part of the OS that will help with that is the kernel - you should look at the tcp/ip part of the kernel, as well as perhaps the driver for your network card. (might be able to get the ethernet stuff out of there)

3 : They are implimented in the net section of the kernel (At least TCP/IP is, I don't know about ethernet) - perhaps you should find a book / guide to kernel hacking to help you with this.

4 : Yes the source should be included. Try the cd it came with. I don't have a lot of experiance with redhat, but it should be in there. It might be a source rpm - .src.rpm

5 : Unless tcp/ip is built as a module (which seems unlikely) then you will need to either
1) Make all the changes, re-compile and re-install the whole kernel
The only problem with this is that you have to re-compile the whole kernel every time you want to change your code.
2) Make all the changes, re-compile as a module, install the kernel,
and when you need to change your code, re-compile your module and use rmmod & insmod to insert the new module

Of course, that makes the assumption that you can compile tcp/ip as a module, which I am not sure you can do. (some things you can, others you can't)

6 : raw socket programming would work except for ethernet. I am pretty sure that the ethernet stuff is taken care of by the time it gets to the application, so that won't help for the ethernet part.

The other thing you may look at is tcpdump - that should allow you to see what is going on, at least at the tcp/ip side of things.

Well first off, you have it backwards bluefiord02. You don't send Ethernet traffic over TCP/IP, you send TCP/IP traffic over Ethernet. It sounds like you could use a crash course in the OSI and TCP/IP networking models (as always, I suggest Stevens' TCP/IP, Volume 1: The Protocols).

Next, from what you say--"compare the time spend at TCP, IP, and ethernet layers in sending and receiving traffic"--it does not sound like your project requires modifying the TCP/IP stack, it sounds like it involves monitoring how the system handles TCP/IP. Specifically, you need to know how much time is spent handling Ethernet (the datalink layer) and IP (the network layer), vs. TCP|UDP (the transport layer). As a generalization, the first two are usually handled by the kernel while the latter is handled by a userland daemon. What you really want to do is write a client/server application that will inform you how much time it spend in "system mode" and how much in "user mode", i.e ring 0 and ring 1.

Hopefully now you understand what you're trying to do. If I told you much more, it would be doing your homework for you, which is against board rules.

Thank a lot urzumph and chort. Still the idea of playing with the kernel scares me.

Chort, yes, I meant tcp/ip traffic over ethernet and not the other way. Carelessness!! Believe me, steven's is my current bible.

Yes, the main idea is to measure how much time is spent on each layer. So one method I figured out is to insert some time reading method into the code in the kernel that handles the protocols. That is why all the talk about modifying the protocol stack. Or then 'do everything' in an application, using raw socket.

But what you mentioned sounds little more trivial. Could you please elaborate a little bit more on this :

what is a ring? (The project is to get some results ant not figuring out what to do. so if I get some suggestions on what to do from some experts, it is no way foul :). )